LastPass: The Latest Among Large Data Breaches In US History
LastPass has been hacked and has apparently lost a copy of the data storing customers’ encrypted passwords.
According to LastPass, the hacker copied a backup of customer vault data from an encrypted storage container during the intrusion, giving him access to the password data.
LastPass verified the system breach three weeks prior, but no other information about the incident was provided. It wasn’t obvious which user data was compromised until LastPass confirmed it was the password data.
According to sources, the stolen vault material contained completely encrypted sensitive fields such as website usernames and passwords, secure notes, form-filled data, and encrypted website URLs.
The company is telling users that even though a copy of the data file has been stolen, there is no cause for concern because the stolen data vault is protected by 256-bit AES encryption.
Even if the hacker now has access to the usernames, nothing can be done without the password. The passwords are only known to the vault’s masters, which are the clients, and the hacker does not have access to this information.
There is no way to decode the data without this password. As a reminder, the master password is never known by LastPass and is never saved or maintained by the firm. LastPass has not been recording or auto-saving passwords.
The problem now is that a hacker can use a multitude of methods to gain a customer’s master vault password. This could be accomplished by employing brute-force assaults to guess the password.
Although remembering each customer’s password will never be an easy task. This is when the importance of creating a complex and unique password comes in handy.
LastPass used a minimum of 12 characters as a security safeguard in all of its master vaults. It is believed that no one has used their precise name or username as their password, instead opting for basic digital digits.
Another risk is that the hacker will use phishing techniques to get the customers’ passwords.
This would entail sending bogus text messages or emails to consumers posing as the company in order to deceive them into sharing and revealing their login credentials.
As a result, consumers have been warned not to respond to any strange text messages or emails and to alert the company or authorities as soon as possible.
LastPass released a statement in which they stated that they would never phone, email, or text you and ask you to click on a link to verify your personal information.
It went on to say that, other from when you sign into your vault using a LastPass client, LastPass would never ask you for your master password.
According to reports, the hacker also has access to basic user account information such as email addresses, phone and mobile phone numbers, IP addresses, and billing addresses, allowing the hacker to target clients individually.
This may also be more useful when attempting to guess passwords.
In addition, the corporation revealed that the hacker obtained the source code and technical data in August. With this information, the hacker was able to easily hack a LastPass employee and steal their credentials and security keys to access files from the company’s cloud-based storage service.
The cloud storage operations are not tied to the company’s production IT infrastructure. It still keeps backups of firm data.
LastPass is taking steps to change all corporate login passwords, and the business has claimed that it is also doing an intensive investigation of every account with signals of suspicious activity within its cloud storage service, and installing additional precautions within that environment.
LastPass is a password management and computer security startup founded in 2008 by Joe Siegrist and later purchased by LogMeIn. Karim Toubba is the company’s current Chief Executive Officer (CEO).
Data breaches are growing more widespread in the United States, which is cause for alarm. Every business and organisation faces the risk of a cyber-attack or data breach. As security measures get more stringent, hackers uncover new techniques and weaknesses to gain access to data systems.
First American Financial Corp., JPMorgan Chase, LinkedIn, MySpace, Marriott International, eBay, Home Depot, FriendFinder Networks, Equifax, Cash App, Dubsmash, Heartland Payment Systems, Zynga, Adobe, LAUSD (Los Angeles Unified School District), Capital One, Target, Plex, River City Media, Exactis, and Deep Root Analytics are among the other companies that have experienced data breaches over the years.
Facebook has always been plagued by significant and minor data breaches and leaks. In April 2021, Facebook experienced a huge data breach that affected 530 million members. It exposed user information such as names, account names, passwords, and phone numbers.
One Reply to “LastPass: Biggest Data Breaches In US History”
Comments are closed.